[guardian-dev] OTRDATA draft specifications

Miron miron at hyper.to
Wed Oct 16 18:25:25 EDT 2013


Quick note - when I refer to "plugins" below, I just mean apps that use
ChatSecure as a transport mechanism.  The communication between the
plugin apps and ChatSecure is currently through Service intents.

On 10/16/2013 12:52 PM, Hans-Christoph Steiner wrote:
> ...
> I agree with Kevin's points.  I'll add some more comments.  I'm having a hard
> time visualizing the whole interaction over OTRDATA without any mention of
> authentication.  This particular API does not have any auth built into it.  It

I was envisioning that this would use OTR authentication underneath
(exposing it to the plugin).  I was also envisioning a ToFU approach to
top-level authorization: "a at a.com wants to share with the Location
plugin, allow once, always or deny?".

> seems that for OTRDATA to be widely useful, it will need to have relatively
> fine-grained permissions.  For example, if I want to share my location with a
> list of my buddies, then there will need to be a mechanism somewhere to
> enforce that.  It will then be tricky to make that manageable without having
> some crazy Access Control List UI.

For finer grained authorization (e.g. which friend can see which pics),
I would defer to the plugins themselves to implement the specific logic
and UI.

>
> What about using a push model for OTRDATA?  This would work well for file
> transfer and sharing bits of data like location.  Then permissions become more
> like a list of recipients.  I don't really have this idea fleshed out, but it's
> just a hunch that it might be easier from this point of view.

Either side can initiate a message, so a push model should be possible. 
I am interested in hearing more.

>
> And two little points about the wiki page:
>
> * client-client is peer-to-peer, no?
> * why max packet size of 64k?
>
> .hc
>
>
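
Added example, not part of the original message or of ChatSecure's code: a minimal sketch of the ToFU "allow once, always or deny" decision described above, made per (account, plugin) pair. The names `PluginAuthorizer`, `Choice` and `prompt`, binding an "always" grant to the peer's OTR fingerprint, and treating "deny" as applying to the current request only are all assumptions of this sketch.

```python
from enum import Enum


class Choice(Enum):
    ALLOW_ONCE = "once"
    ALLOW_ALWAYS = "always"
    DENY = "deny"


class PluginAuthorizer:
    """Hypothetical top-level gate between an OTR peer and a plugin app."""

    def __init__(self, prompt):
        # prompt(account, plugin) -> Choice; stands in for the user dialog.
        self._prompt = prompt
        # (account, plugin) -> OTR fingerprint pinned by an "always" answer.
        self._always = {}

    def authorize(self, account, fingerprint, plugin):
        key = (account, plugin)
        if self._always.get(key) == fingerprint:
            return True  # trusted on an earlier use, same key: no prompt
        # First use, or the peer's key changed: drop any old grant and ask.
        self._always.pop(key, None)
        choice = self._prompt(account, plugin)
        if choice is Choice.ALLOW_ALWAYS:
            self._always[key] = fingerprint
        return choice is not Choice.DENY


def demo():
    """Runs four requests against constructed sample values."""
    asked = []
    answers = iter([Choice.ALLOW_ONCE, Choice.ALLOW_ALWAYS, Choice.DENY])

    def prompt(account, plugin):
        asked.append((account, plugin))
        return next(answers)

    gate = PluginAuthorizer(prompt)
    results = [
        gate.authorize("a@a.example", "FP-1", "Location"),  # asks: once
        gate.authorize("a@a.example", "FP-1", "Location"),  # asks: always
        gate.authorize("a@a.example", "FP-1", "Location"),  # pinned, silent
        gate.authorize("a@a.example", "FP-2", "Location"),  # new key: asks
    ]
    return results, len(asked)
```

Finer-grained decisions (which friend sees which item) would sit behind this gate, inside the plugin.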


